'use strict';

var appConfig = require('../config/config');

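/**
 * Read one per-role allow-list of route paths from appConfig.policies.
 *
 * The lists are consulted with Array#indexOf, so they must be arrays: a
 * string value would be scanned with String#indexOf and match any
 * substring of the path, silently widening the policy. A missing or
 * malformed list therefore fails loudly at module load rather than at
 * request time.
 *
 * @param {string} name - key under appConfig.policies ('admin' or 'user')
 * @returns {string[]} the configured list of route paths
 * @throws {TypeError} when the list is absent or not an array
 */
function policyList(name) {
    var list = appConfig.policies && appConfig.policies[name];
    if (!Array.isArray(list)) {
        throw new TypeError('config.policies.' + name + ' must be an array of route paths');
    }
    return list;
}

// Allow-lists are resolved once at load time; later config edits are not picked up.
var adminAllowed = policyList('admin');
var userAllowed = policyList('user');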

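/**
 * Express middleware: let the request through only when one of the
 * caller's roles has the current route path in its allow-list.
 *
 * Roles are read from req.user.role (an array of names, or a single
 * name). The path compared is req.route.path — the pattern the route was
 * declared with, without any router mount prefix; assumed to be the
 * intended key for the policy lists (confirm against the config).
 *
 * Any missing piece (no authenticated user, no role, no matched route)
 * is treated as "not allowed" rather than thrown, so the middleware
 * fails closed with a 403 instead of a 500.
 *
 * @param {object} req - Express request; uses req.user.role and req.route.path
 * @param {object} res - Express response; receives 403 JSON on denial
 * @param {Function} next - called exactly once when access is granted
 * @returns {*} the result of next() or of res.json()
 */
exports.isAllowed = function (req, res, next) {
    function deny() {
        return res.status(403).json({message: 'User is not authorized'});
    }

    // Fail closed: nothing to authorize against means no access.
    if (!req.user || req.user.role == null || !req.route) {
        return deny();
    }

    // Normalize to an array so a single string role is matched exactly;
    // String#indexOf would otherwise treat "admin" inside e.g.
    // "admin-readonly" as a match.
    var roles = Array.isArray(req.user.role) ? req.user.role : [req.user.role];
    var routePath = req.route.path;

    function hasRole(name) {
        return roles.indexOf(name) >= 0;
    }

    function permits(allowList) {
        return allowList.indexOf(routePath) >= 0;
    }

    if ((hasRole('admin') && permits(adminAllowed)) ||
        (hasRole('user') && permits(userAllowed))) {
        return next();
    }
    return deny();
};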
